CVE-2021-22788 - OpenCVE

A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions)

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	140noe771x1 Firmware 140cpu65150 Bmxnoc0401 Bmxnor0200h Rtu Firmware Tsxp574634 140noc78x00 Bmxnoe0100 140noe771x1 140cpu65150 Firmware Tsxp575634 Tsxp574634 Firmware Tsxety4103 Firmware Tsxety5103 140noc78x00 Firmware Tsxp576634 Tsxety5103 Firmware Bmxnoe0110 Firmware Modicon M340 Bmxp342020 Tsxp575634 Firmware Bmxnoe0110 Bmxnor0200h Rtu 140noc77101 Tsxp576634 Firmware 140noc77101 Firmware Modicon M340 Bmxp342020 Firmware Bmxnoe0100 Firmware Bmxnoc0401 Firmware Tsxety4103

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:bmxnoe0100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0100:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:bmxnoe0110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoe0110:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:schneider-electric:bmxnoc0401_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnoc0401:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:schneider-electric:bmxnor0200h_rtu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:bmxnor0200h_rtu:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:schneider-electric:tsxp574634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp574634:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:schneider-electric:tsxp575634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp575634:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:schneider-electric:tsxp576634_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxp576634:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:schneider-electric:140cpu65150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140cpu65150:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:schneider-electric:140noe771x1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noe771x1:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:schneider-electric:140noc78x00_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noc78x00:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:schneider-electric:140noc77101_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:140noc77101:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:schneider-electric:tsxety4103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxety4103:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:schneider-electric:tsxety5103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tsxety5103:-:*:*:*:*:*:*:*

References

Link	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2022-02-11T17:40:33

Updated: 2022-02-11T17:40:33

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-22788

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-11T18:15:09.057

Modified: 2024-04-10T12:28:45.957

Link: CVE-2021-22788

JSON object: View

Redhat Information

No data.

CWE

CWE-787